or Connect
AppleInsider › Forums › Mobile › iPad › Los Angeles schools halt home use of district-issued iPads after students hack security restrictions
New Posts  All Forums:Forum Nav:

Los Angeles schools halt home use of district-issued iPads after students hack security restrictions

post #1 of 110
Thread Starter 
The Los Angeles Unified School District has suspended home use of Apple's iPad by students until further notice following the revelation that a number of students had bypassed the school-installed security features on the device.



After one week with the devices, 300 LAUSD students were able to bypass the content restrictions the district had installed on their iPads, enabling them to browse sites such as YouTube and FaceBook, both of which were blocked along with other sites by the district's policy. Administrators were still handing out devices last week when the students' workaround was discovered, according to The Los Angeles Times.

Now, the district has halted home use of the devices, and scrutiny of the program has increased. Sources within the district say that the development may delay the rollout of a massive program that would see Apple providing an iPad for every student in the LAUSD.

Student profiles on the devices come with restrictions built in, preventing them from accessing services such as Twitter, Pandora, and other popular sites. This restriction reportedly extends to when the devices leave a campus and are taken home, leading to student complaints about the severity of the limitations.

The students who circumvented the restrictions did so by simply deleting their personal profiles, whereupon they were free to surf and tweet.

Within hours, the details of the bypass spread throughout the district by word of mouth and Twitter.

With the at-home use suspension, administrators are looking to head off further spread of the workaround, as they believe it raises potential issues regarding student safety.

"Outside of the district's network, a user is free to download content and applications and browse the Internet without restriction," two senior administrators said in a memo to the Board of Education and L.A. Schools Superintendent John Deasy. "As student safety is of paramount concern, breach of the... system must not occur."

However, administrators seemed only mildly confident that they could keep the workaround under wraps.

"I'm guessing this is just a sample of what will likely occur on other campuses once this hits Twitter, YouTube or other social media sites explaining to our students how to breach or compromise the security of these devices," LAUSD Police Chief Steven Zippermean wrote in a confidential memo. "I want to prevent a 'runaway train' scenario when we may have the ability to put a hold on the roll-out."
post #2 of 110
Best evidence yet that this technology has no place being issued to every student. Keep a lid on it in the school lab. Not so much because it doesn't have a legitimate use but because the little bastards can't be trusted. And their parents are probably no better. Old dad probably would be on xhamster.com with the kid's iPad.
post #3 of 110
Aren't those profiles kept in Settings and can't they just lock down Settings to prevent this?
Edited by akqies - 9/25/13 at 2:00pm
post #4 of 110
Ummm! Apple needs a crack team of 8 people to get on jet to nip this s@*t in the bud!
post #5 of 110
Quote:
Originally Posted by lkrupp View Post

Best evidence yet that this technology has no place being issued to every student. Keep a lid on it in the school lab. Not so much because it doesn't have a legitimate use but because the little bastards can't be trusted. And their parents are probably no better. Old dad probably would be on xhamster.com with the kid's iPad.

Not the answer bro.
post #6 of 110
Quote:
Originally Posted by akqies View Post

Are those profiles kept in Settings and can't they just lock down Settings to prevent this?

 

You cannot keep people out of the settings app, but there are certain things you can restrict with Profile Manager. I'm thinking they missed a setting or something when configuring the iPad for their filter. It sounds like the internet filter has a profile or something and it was left wide open. 

post #7 of 110
Quote:
Originally Posted by macxpress0660 View Post

You cannot keep people out of the settings app, but there are certain things you can restrict with Profile Manager. I'm thinking they missed a setting or something when configuring the iPad for their filter. It sounds like the internet filter has a profile or something and it was left wide open. 
Good post!

No histrionics! 1smile.gif
post #8 of 110

One thing that is interesting about this program is each kid will also have an Apple ID.  There is another big source of potential trouble for the district and Apple.

post #9 of 110
Originally Posted by christopher126 View Post
Ummm! Apple needs a crack team of 8 people to get on jet to nip this s@*t in the bud!

 

What responsibility is this of Apple’s?

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
Reply

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
Reply
post #10 of 110
I predicted this would be a disaster before it started. The district is surprised. I'm not.
post #11 of 110
If only they had used Chromebooks! It would have been cheaper per student, and they would have avoided this fiasco! (Not to mention they would have good centralized management.)
post #12 of 110
Quote:
Originally Posted by AppleInsider View Post

This restriction reportedly extends to when the devices leave a campus and are taken home, leading to student complaints about the severity of the limitations.

 

"Complaints"??  I'll fix that.  Go buy your own f#!king iPad then.  You're given one (technically for free for school use) and suddenly they feel they should do what they want with it?

If I were their age, I'd probably do the same thing and hack it simply because of my curiosity and challenge.  However, I'd expect them to clamp down on it if word got out.  It's an expectation simply because... it's not mine!!

post #13 of 110

Ok.. why these profiles are not password protected against delete? Were they password protected and the students circumvented this security measure?

post #14 of 110

What's the problem? These kids are just being trained for the NSA

Help! I'm trapped in a white dungeon of amazing precision and impeccable tolerances!

Reply

Help! I'm trapped in a white dungeon of amazing precision and impeccable tolerances!

Reply
post #15 of 110
Quote:
Originally Posted by brians View Post

If only they had used Chromebooks! It would have been cheaper per student, and they would have avoided this fiasco! (Not to mention they would have good centralized management.)

 

Seriously? Did you miss the /s for sarcasm?

post #16 of 110
Quote:
 preventing them from accessing services such as Twitter, Pandora, and other popular sites. This restriction reportedly extends to when the devices leave a campus and are taken home, leading to student complaints about the severity of the limitations.

 

Severity? Really? Why should you be allowed to access anything but education material on an education device? 

 

Also, I think Apple should step in here. NOT because it is their responsibility, but because they want more education sales and therefore should help resolve these issues. Apple should easily be able to Kiosk the iPads for educational use. 

post #17 of 110
Looks like the Education Dept didn't bother to test their "security" system. Fail.

Please update the AppleInsider app to function in landscape mode.

Reply

Please update the AppleInsider app to function in landscape mode.

Reply
post #18 of 110
And in another news -- Boeing engineers are found playing Tiny Wings on their company issued iPad4 during work hours.
post #19 of 110
The blame is on the IT managers not the students. Proper configuration of an MDM system would have kept them out. The MDM has a separate admin password for all system changes. This is inexcusable. I'd bet the IT managers and techs (if they had any) never read the manuals.
post #20 of 110
Quote:
Originally Posted by Avonord View Post

And in another news -- Boeing engineers are found playing Tiny Wings on their company issued iPad4 during work hours.

 

if it keeps them from drinking and flying, I'm all for it :lol: 

post #21 of 110
Quote:
Originally Posted by rob53 View Post

The blame is on the IT managers not the students. Proper configuration of an MDM system would have kept them out. The MDM has a separate admin password for all system changes. This is inexcusable. I'd bet the IT managers and techs (if they had any) never read the manuals.

 

That's like blaming the lock company and not the home intruder. I don't think students should be allowed to do what they want as long as they can find someone else to blame. 

post #22 of 110
Oh, no! The students can access the internet! Definitely can't have that happening. Not sure how it's a disaster, though.
post #23 of 110
Not surprised. School District IT staff tend to not be very competant at this sort of stuff - they can install and manage Deep Freeze but that seems to be the extent of their abilities.

Though I do fault Apple a little here, if they're going to sell millions of units they can afford to write a doc for all school districts around the country to use to properly lock down the devices such that...

1. They're traceable if they are lost/stolen. This also removes the theft incentive if the school district can just remotely brick the iPad (especially w/ iOS 7's activation lock).
2. Prevent students from visiting illicit sites.
3. Prevent students from visiting prohibited sites (FB, twitter).
4. Only install authorized apps.

Cisco and some other companies offer pay-for products, but Apple should give schools the tools necessary to manage their fleets of iPads.
post #24 of 110
MSM headline: Apple iPads hacked by students!
post #25 of 110

Deleting personal profiles is hardly hacking. Puleese ...

post #26 of 110
Quote:
Originally Posted by lkrupp View Post

Best evidence yet that this technology has no place being issued to every student. Keep a lid on it in the school lab. Not so much because it doesn't have a legitimate use but because the little bastards can't be trusted. And their parents are probably no better. Old dad probably would be on xhamster.com with the kid's iPad.

 

More like, "Best evidence yet that restricting YouTube and Facebook is silly."  What could they possibly do with access to either that is wrong or that they can't normally do on any other computer?  

 

Device management wise, I think the mistake is letting them take them home at all.  Within the school grounds they can be easily managed and maintained.  Once you give them to the students to take home, you should expect to lose all control regardless.  

post #27 of 110
As "The Big Bang Theory" Sheldon Cooper said while 'working' as a faux customer service rep in a computer store when being lead away, "By the way, a six year-old could hack your computer system. 1-2-3-4 is not a secure password!"

Ten years ago, we had Steve Jobs, Bob Hope and Johnny Cash.  Today we have no Jobs, no Hope and no Cash.

Reply

Ten years ago, we had Steve Jobs, Bob Hope and Johnny Cash.  Today we have no Jobs, no Hope and no Cash.

Reply
post #28 of 110
Quote:
Originally Posted by Tallest Skil View Post

What responsibility is this of Apple’s?

I take ur point. But not every organization is as smart as Apple. Most have people working for them that have the personalities of dented shit cans. Especially, in IT, and doubly so, in US School districts! I wouldn't trust most of them with a pair of scissors! 1smile.gif

Just saying, on big time orders it's worth paying a team a few $100 grand to help get it implemented correctly and avoid the bad press!

Chill, bro! 1smile.gif
Edited by christopher126 - 9/25/13 at 2:36pm
post #29 of 110
Quote:
Originally Posted by WelshDog View Post
 

One thing that is interesting about this program is each kid will also have an Apple ID.  There is another big source of potential trouble for the district and Apple.

 

Indeed, the fact that Apple's devices (including the computers now) all require an individual consumer Apple ID to work properly is the biggest issue facing those who wish to deploy classroom sets, or work computers in general.  They still haven't got bulk purchasing worked out properly and in most schools that I've worked with, having an institutional account connected to a credit card is a non-starter in any case.  

 

There are numerous problems associated with using iPads particularly, in anything other than full "open" mode.  

post #30 of 110
Quote:
Originally Posted by rob53 View Post

The blame is on the IT managers not the students. Proper configuration of an MDM system would have kept them out. The MDM has a separate admin password for all system changes. This is inexcusable. I'd bet the IT managers and techs (if they had any) never read the manuals.
Bingo! Best post! After mine, that is! 1smile.gif
post #31 of 110
OK, who is the mental midget who isnt using a MDM or Apple Configurator? I deploy many iPads and lock down the settings so much that if it even goes off campus without permission I know. BTW thats on a University campus.
post #32 of 110

"deleting their personal profiles"

 

What group of morons expected THAT would never be stumbled across?

post #33 of 110
I had no idea the LAUSD intended to lock down these devices. How futile. A school district's IT department is no match for hundreds of thousands of motivated kids with hours and hours of time to kill. Reminds me of my days in high school. They will never be able to stay very far ahead of the next hack!

Keep hacking kids! I'm proud of you!

Go LACES Unicorns!!
post #34 of 110
Quote:
Originally Posted by Richard Getz View Post

That's like blaming the lock company and not the home intruder. I don't think students should be allowed to do what they want as long as they can find someone else to blame. 

I would blame the lock company if they failed to construct a lock properly. Apple has documented how to secure iOS devices so this shouldn't have happened. Students are inquisitive so it doesn't surprise me they tried bypassing the restrictions (and succeeded). People are quick to blame a "tool" and give the user of that tool a free pass. Learn how to use iOS devices and how to configure them properly before giving them to anyone. I've been monitoring secure configurations of iOS devises since they first came out. Government installations have the same usage rules as schools and they have them locked down. School administrators need to do their own homework before telling students to do there's.
post #35 of 110
Most of these kids have six other ways to get to the same content. So how exactly are K-12 schools teaching students how to cope with the real world by pretending it doesn't exist? This is more about avoiding political embarrassment than preparing youth to cope with the digital world.
post #36 of 110
If this is a true "one laptop per student" type of program, there SHOULD be NO restrictions at all on the thing...I can understand having restrictions if this is a lab device, but from what it looks like, these were being distributed to many students who could not afford a home computer...and of course, they are going to want connectivity and social networking, etc...when they are at home. It just sounds ridiculous to try a take-home program like this and put restrictive access profiles and filters on the device.

Just my opinion. When I was that age I had a PowerMac and a PowerBook, and a fast cable modem to enjoy it all....in like 1997.
post #37 of 110

Most of these kids have six other ways to get to the same content. So how exactly are K-12 schools teaching students how to cope with the real world by pretending it doesn't exist?  This is more  about avoiding political embarrassment than preparing youth to cope  with the digital world.  

post #38 of 110
How are enterprise customers managing to keep their devices controlled, if "delete the profile" is all that is needed to cancel restrictions?

Did the district miss something they should have done?
post #39 of 110
Quote:
Originally Posted by IThinkIjustSaid View Post

I predicted this would be a disaster before it started. The district is surprised. I'm not.

Seriously, I saw this coming 10 miles away, too! There's alot more dumber people out there than I thought. And the worst part, they are in the business of educating our future :-/ Seems the students should be the ones teaching!

These little bastards don't need iPads, anyway! I didn't even get my first iPad til a year ago and I had to PAY for it! Spoiled brats
post #40 of 110

The families or the students themselves should have to either buy or rent these iPads. At least then there would be some level of accountability and any 'out of bounds' activity would have a real-world repercussion.

 

IMO, home schooling or work-group style learning is far superior to the traditional American school model. Intelligent students are only brought down by class clowns and social miscreants and creative students who don't fit into a factory-like "educational" setting have little hope of actually learning. An iPad at home and Internet access gives all kids an intellectual and creative advantage... so long as they can be kept off Facebook or YouTube (which is a commenting cesspool).

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPad
  • Los Angeles schools halt home use of district-issued iPads after students hack security restrictions
AppleInsider › Forums › Mobile › iPad › Los Angeles schools halt home use of district-issued iPads after students hack security restrictions